Setup & Transfer system application detected as malware

Recommended Posts

Today (4/2/18) Malwarebytes Mobile is detecting the system application Setup & Transfer as the following:

Android/Trojan.Banker.Hqwar.i

This is a pre-existing (I think AT&T?) system application which cannot be removed only disabled - I also get a prompt asking if I want to whitelist it which I have not. There was only one other user who posted about this in the Malware Removal for Mobile forum (sorry if this is considered a cross-post). Has anyone else encountered this today? Any chance it is just a false positive?

App version: 3.2.1.2 and Malware database is 2018.04.02.01

Share this post

Link to post

Share on other sites

I received the same results about SETUP & TRANSFER on a AT&T device and another family member got the same result about Setup & Transfer from a different Security program as well. So I am "guessing" it is not a false positive. I reported this to AT&T.

It's located in: /system/priv-app/ready2Go_ATT/ready2Go_ATT.apk

Share this post

Link to post

Share on other sites

I don't think it is a false positive either, because i've had a fake amazon application appear on my screen that went nowhere at the login, multiple login requests from my phone for my main email at weird hours, and INCREDIBLY slow everything on my phone all of a sudden.

I have factory rest twice (both in different ways), and the second time almost got stuck rebooting. Did another scan, still there.

It could be coincidence on my end, but I pay really close attention to everything on my phone, and there has definitely been a change on it (s7 edge) .

I hope this gets fixed, I don't feel safe doing much on my phone, not even texting or calling.

Share this post

Link to post

Share on other sites

I have an S8+ on AT&T, and Malwarebytes just ran it's daily scan and found this on mine also in Setup & Transfer. I think that it's probably a FP, so I'm not going to try to get rid of it as of yet. I'm going to follow this thread and wait for further info first.

Share this post

Link to post

Share on other sites

Come on now Malwarebytes!!!!!!.....I received the same results about SETUP & TRANSFER on a AT&T device as well. I had Malwarebytes on my system for a while and all of a sudden it popped up last night causing a great deal of pain. i am wiped my device factory reset my device and it still shows up. No offense but i am thinking about throwing this software away if this is all a FP.. I am already paranoid.. and the answer AT&T gave me really pist me off... The rep told me mobile devices never get viruses or malware which couldn't be further from the truth. I thought maybe something came OTA (over the air) because i don't surf on my phone.It's located in: /system/priv-app/ready2Go_ATT/ready2Go_ATT.apk

Share this post

Link to post

Share on other sites

Add my name to the list of users with the same Malware alert on the same AT&T file; Samsung S7. Did a hard reset of the phone and it still shows up on the native app. I too have disabled the app as it cannot be removed without rooting the phone. Since I don't want a bricked phone, I'll wait to see if this is a FP or if removal instructions are forthcoming.

Share this post

Link to post

Share on other sites

Come on now Malwarebytes!!!!!!.....I received the same results about SETUP & TRANSFER on a AT&T device as well. I had Malwarebytes on my system for a while and all of a sudden it popped up last night causing a great deal of pain. i am wiped my device factory reset my device and it still shows up. No offense but i am thinking about throwing this software away if this is all a FP.. I am already paranoid.. and the answer AT&T gave me really pist me off... The rep told me mobile devices never get viruses or malware which couldn't be further from the truth. I thought maybe something came OTA (over the air) because i don't surf on my phone.It's located in: /system/priv-app/ready2Go_ATT/ready2Go_ATT.apk

Yeah, i'm getting paranoid as well, and thank you for saving me a call to them..

The answer you got from AT&T is very troubling, but I guess that's just what they are told to say to cover themselves.

Please Malwarebytes, i've stood by you guys and you have caught so many actual issues on my computers and phones in the past, just a little help would be good :}

Share on other sites

Share this post

Link to post

Share on other sites

I've also received alert, on a brand new Galaxy S8 Active. I've barely even used it yet & I've had Malwarebytes on phone since I walked out of at&t store, I have disabled but can not delete. Waiting on a offical response, getting paranoid after reading up a little on what trojan.banker.hqwar is designed to steal bank info. PLEASE HELP ASAP!

Share this post

Link to post

Share on other sites

I also received an alert last night, tried factory reset, etc., and no luck. I have an AT&T Samsung S7, but I use another carrier, so every time I've ever started it, I get a notification that Setup and Transfer is a service that is unavailable. So, could it still affect my phone?? Very worried here, too!